diff options
| author | Eduardo Chappa <chappa@washington.edu> | 2014-02-02 00:18:35 -0700 |
|---|---|---|
| committer | Eduardo Chappa <chappa@washington.edu> | 2014-02-02 00:18:35 -0700 |
| commit | 18a5af00c1cf15852d694d20c58e7271112263d8 (patch) | |
| tree | 5b46b810260e0161cb3c9eac5e04d80712651b84 /alpine/pine-use.c | |
| parent | 1bf084e1ed4cd931b08e233a3f5c30cc9de05dfc (diff) | |
| download | alpine-18a5af00c1cf15852d694d20c58e7271112263d8.tar.xz | |
* Update to version 2.19.5
* check bounds and tie strings off to improve security. Contributed by
James Jerkins.
* Alpine crashed when a user attempted to add a folder collection, due
to bug in GET_NAMESPACE in imap4r1.c.
Diffstat (limited to 'alpine/pine-use.c')
| -rw-r--r-- | alpine/pine-use.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/alpine/pine-use.c b/alpine/pine-use.c index dd7fc8de..90609318 100644 --- a/alpine/pine-use.c +++ b/alpine/pine-use.c @@ -15,6 +15,8 @@ static char rcsid[] = "$Id: pine-use.c 761 2007-10-23 22:35:18Z hubert@u.washing * ======================================================================== */ +#include <stdlib.h> +#include <string.h> #include <stdio.h> #include <pwd.h> #include <sys/types.h> @@ -71,10 +73,10 @@ main(argc, argv) printf("%5d users processed so far\n", so_far); } - if(strcmp(pw->pw_dir, "/") == 0) + if(strncmp(pw->pw_dir, "/", 1) == 0) continue; - sprintf(filename, "%s/.pinerc", pw->pw_dir); + snprintf(filename, sizeof(filename), "%s/.pinerc", pw->pw_dir); if(stat(filename, &statb) < 0) continue; if(statb.st_mtime + 7 * DAYSEC > now) @@ -98,11 +100,11 @@ main(argc, argv) } } - sprintf(filename, "%s/.signature", pw->pw_dir); + snprintf(filename, sizeof(filename), "%s/.signature", pw->pw_dir); if(access(filename, 0) == 0) sig_files++; - sprintf(filename, "%s/core", pw->pw_dir); + snprintf(filename, sizeof(filename), "%s/core", pw->pw_dir); if((f = fopen(filename, "r")) != NULL) { fflush(stdout); while((c = getc(f)) != EOF) { @@ -121,7 +123,7 @@ main(argc, argv) *p = '\0'; if(c == EOF) break; - if(strcmp(&buf[strlen(buf) - 13], "(olivebranch)") == 0) { + if(strncmp(&buf[strlen(buf) - 13], "(olivebranch)", 13) == 0) { printf("%s\t%s\n", filename, buf + 14); core_files++; if(core != NULL) { @@ -147,7 +149,7 @@ main(argc, argv) printf("%5d: more than a year\n", user_count[4]); printf("%5d: core files\n", core_files); printf("%5d: Average messages in inbox (%ld/%d)\n", - inbox_mess/inboxes, inbox_mess, inboxes); + inbox_mess/(inboxes ? inboxes : 1), inbox_mess, inboxes); printf("%5d: Largest inbox in messages\n", inbox_mess_max); printf("%5d: Total users checked\n", so_far); printf("%5d: signature files\n", sig_files); @@ -161,7 +163,7 @@ mail_file_size(user) FILE *f; char buf[20480]; - sprintf(buf, MAILSPOOLPCTS, user); + snprintf(buf, sizeof(buf), MAILSPOOLPCTS, user); f = fopen(buf, "r"); if(f == NULL) |